Skip to content

fix(build): prioritize Maven central repository#953

Closed
c-dilks wants to merge 1 commit intodevelopmentfrom
stop-404ing-clasweb
Closed

fix(build): prioritize Maven central repository#953
c-dilks wants to merge 1 commit intodevelopmentfrom
stop-404ing-clasweb

Conversation

@c-dilks
Copy link
Member

@c-dilks c-dilks commented Nov 19, 2025
edited
Loading

Maven checks repositories in order, for dependencies. If a "404 not found" is returned, it moves on to the next repository until a dependency is found. Before this PR, Maven central is last in the priority list; this PR puts Maven central first, since most of our dependencies come from there.

This should greatly reduce the number of 404s seen on clasweb logs. We now have the following numbers of 404 responses, before and after this change:

For https://clasweb.jlab.org/.clas12maven:
- before change: 166
- after change:  28
For https://clasweb.jlab.org/.jhep/maven:
- before change: 165
- after change:  11

I confirmed that the 28 remaining 404s from clas12maven and the 11 from jhep/maven are coming from cases where Maven searches clas12maven first, then finds the dependency on jhep/maven, or vice versa. We may need a repository management solution (Nexus, Artifactory) to stop those.

@c-dilks
fix(build): prioritize Maven central repository
5dd7301 
This should greatly reduce the number of 404s seen on clasweb logs. We
now have the following numbers of 404 responses, before and after this
change:

```
For https://clasweb.jlab.org/.clas12maven:
- before change: 166
- after change:  28
For https://clasweb.jlab.org/.jhep/maven:
- before change: 165
- after change:  11
```

I confirmed that the 28 remaining 404s from clas12maven and the 11 from
jhep/maven are coming from cases where Maven searches clas12maven first,
then finds the dependency on jhep/maven, or vice versa. We may need a
repository management solution (Nexus, Artifactory) to stop those.
c-dilks added a commit to JeffersonLab/clas12-timeline that referenced this pull request Nov 19, 2025
@c-dilks
fix(build): prioritize Maven central repo
e02cac8 
see JeffersonLab/coatjava#953
@c-dilks c-dilks mentioned this pull request Nov 19, 2025
Merged
@baltzell
Copy link
Collaborator

baltzell commented Nov 20, 2025

Would generating a list of the repos that change their source host be difficult?

baltzell
baltzell previously approved these changes Nov 20, 2025
View reviewed changes
@baltzell baltzell enabled auto-merge (squash) November 20, 2025 01:39
c-dilks added a commit to JeffersonLab/clas12-timeline that referenced this pull request Nov 20, 2025
@c-dilks
fix(build): prioritize Maven central repo
09f3925 
see JeffersonLab/coatjava#953
@c-dilks
Copy link
Member Author

c-dilks commented Nov 20, 2025

Would generating a list of the repos that change their source host be difficult?

I'm not sure what you mean by this.

The 404 responses is "normal" Maven behavior, unfortunately. It is not possible to tell Maven which repository to prioritize for each dependency.

@c-dilks
Copy link
Member Author

c-dilks commented Nov 20, 2025

Let's merge #954 first.

@baltzell
Copy link
Collaborator

baltzell commented Nov 20, 2025

Would generating a list of the repos that change their source host be difficult?

I'm not sure what you mean by this.

The 404 responses is "normal" Maven behavior, unfortunately. It is not possible to tell Maven which repository to prioritize for each dependency.

I mean repos whose source host change when their ordering/prioritization in our config files is changed.

@c-dilks
Copy link
Member Author

c-dilks commented Nov 21, 2025

Ah, you mean something that would come from one of our clasweb Maven repos may now come from Maven central. That's a good point.

Should we close this? The only "issue" this addresses is reducing the number of 404 responses in the server logs...

@baltzell
Copy link
Collaborator

baltzell commented Nov 22, 2025

Yes, I think we should double check that list of the differences first.

@baltzell baltzell self-requested a review December 2, 2025 15:10
@baltzell baltzell dismissed their stale review December 2, 2025 17:29

Pending info

@baltzell baltzell removed the maven label Dec 3, 2025
@c-dilks
Copy link
Member Author

c-dilks commented Dec 3, 2025

Let's not do this. Prioritizing our in-house Maven repo is safer against supply-chain attacks.

@c-dilks c-dilks closed this Dec 3, 2025
auto-merge was automatically disabled December 3, 2025 14:14

Pull request was closed

@c-dilks c-dilks deleted the stop-404ing-clasweb branch December 3, 2025 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raffaelladevita raffaelladevita Awaiting requested review from raffaelladevita raffaelladevita is a code owner

@baltzell baltzell Awaiting requested review from baltzell baltzell is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@c-dilks @baltzell